
Can't install Windows Live Messenger

edited February 2008 in Spyware & Virus Removal
I downloaded the installer and executed it. Once the installer starts, it ends and opens a Firefox session to the Windows Live home page, but the client is never installed.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:32 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ScreenThemes\scthemes.exe
C:\Program Files\Iusacell\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\NPSService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://scinsider/My+e-Workplace/default.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 128.10.84.195 dzeta
O1 - Hosts: 128.10.84.195 dseta
O1 - Hosts: 128.10.84.196 espsilon
O1 - Hosts: 172.18.36.77 sigma
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu46\AOL_security_toolbar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu46\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [ArGoSoftMailServer] C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
O4 - HKCU\..\Run: [Net Profile Switch] "C:\Program Files\JitBit\Net Profile Switch\NetProfileSwitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.apple.com
O15 - Trusted Zone: http://dxop.dmbgroup.com
O15 - Trusted Zone: http://*.spaces.live.com
O15 - Trusted Zone: http://by110fd.bay110.hotmail.msn.com
O15 - Trusted Zone: http://messenger.msn.com
O15 - Trusted Zone: http://cp.sterlingcommerce.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted IP range: http://127.0.0.1
O15 - Trusted IP range: http://192.168.9.229
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/LiveSuite/BANAMEX/web/HLiveRobotWeb.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183390106258
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183390095933
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{131EA076-FB50-4198-BDE1-877CB14D4E2F}: NameServer = 192.168.7.16,128.10.72.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75051A9-54ED-4306-ABCF-2E3BBBE082C2}: NameServer = 207.83.200.200 4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Connect Direct Browser 1.4.00 ($CDBrowser1400) - Zero G - C:\PROGRA~1\STERLI~1\CONNEC~2.00\bin\CDBROW~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Connect Direct File Agent (cdfa$) - ZeroG Software - C:\PROGRA~1\STERLI~1\FILEAG~1\cdfa$.exe
O23 - Service: Connect Direct FTP+ SD (CDFtpSD$) - ZeroG Software - C:\PROGRA~1\STERLI~1\CDFtp\CDFtpSD$.exe
O23 - Service: Connect Direct Select (CDSelect$) - ZeroG Software - C:\PROGRA~1\STERLI~1\CDSelect\bin\CDSELE~1.EXE
O23 - Service: Connect Direct v4.2.00 - MHERN1 (Connect Direct v4.2.00) - Sterling Commerce, Inc. - C:\Program Files\Sterling Commerce\Connect Direct v4.2.00\Server\CDNT.exe
O23 - Service: Connect Direct v4.4.00 - MHERN1 (Connect Direct v4.4.00) - Sterling Commerce, Inc. - C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\Server\CDNT.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files\freeSSHd\FreeSSHDService.exe
O23 - Service: Gentran Integration Suite at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\si.exe
O23 - Service: Gentran Integration Suite CmdLine2Adapter at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\cla2client.exe
O23 - Service: Gentran Integration Suite EventListeners at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\vslisten.exe
O23 - Service: Gentran Integration Suite Noapps at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\Noapp.exe
O23 - Service: Gentran Integration Suite Opsserver at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\ops.exe
O23 - Service: Gentran Integration Suite WebDav at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\webdav.exe
O23 - Service: Gentran_Integration_Suite_MySql_at_port_10000 - Unknown owner - C:\SterlingCommerce\SI\mysql\bin\mysqld-nt.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: Smart Card Gina Helper (hpfdglc) - Unknown owner - C:\WINDOWS\System32\hpfdglc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: MySQL - Connect Direct v4.4.00 - Unknown owner - C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\bin\mysqld-nt.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NPSService - Jitbit Software - C:\WINDOWS\system32\NPSService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: TrapRcvr - Unknown owner - C:\Program Files\TrapReceiver\trthread.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 17104 bytes
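
An added example, not part of the thread and not a HijackThis feature: a small Python triage script that parses the "Rx - ..." / "Oxx - ..." entry lines of a HijackThis v2 log and applies a few of the checks a log reviewer does by hand (O1 hosts overrides, O15 Trusted Zone additions, O17 DNS servers outside private/loopback ranges, O23 services with a missing binary or no publisher info), then diffs two logs so entries that appeared or vanished between posts stand out. The sample lines are a subset copied from the two logs in this thread; the heuristics and the finding labels are this example's own choices and only surface entries to look at, they do not decide whether an entry is malicious.

```python
"""Triage helper for HijackThis v2 log entries (added example, not an HJT feature).

Heuristics below are this example's own; they point a reviewer at entries worth
reading first and make no judgement about infection.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_private_or_loopback(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def triage(text: str) -> List[str]:
    """Return one finding string per entry worth a second look."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O1" and body.startswith("Hosts:"):
            findings.append("hosts override: " + body[len("Hosts:"):].strip())
        elif section == "O15":
            # "Trusted Zone: http://..." or "Trusted IP range: http://..."
            findings.append("trusted zone: " + body.partition(":")[2].strip())
        elif section == "O17" and "NameServer" in body:
            # HJT prints the server list comma- or space-separated.
            servers = re.split(r"[,\s]+", body.partition("=")[2].strip())
            for server in filter(None, servers):
                if not is_private_or_loopback(server):
                    findings.append("public DNS server: " + server)
        elif section == "O23" and body.startswith("Service:"):
            # "Service: <name> - <owner> - <path>"; split from the right because
            # service display names themselves may contain " - ".
            parts = body[len("Service:"):].strip().rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append("service binary missing: " + name)
            elif owner == "Unknown owner":
                findings.append("service with no publisher info: " + name)
    return findings


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Entries present in only one of two logs, as full 'Oxx - body' strings."""
    old = {f"{s} - {b}" for s, b in parse_entries(before)}
    new = {f"{s} - {b}" for s, b in parse_entries(after)}
    return {"added": sorted(new - old), "removed": sorted(old - new)}


# Constructed sample input: a subset of lines copied from the two logs in the thread.
LOG_BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
O1 - Hosts: 128.10.84.195 dzeta
O1 - Hosts: 172.18.36.77 sigma
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted IP range: http://192.168.9.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{131EA076-FB50-4198-BDE1-877CB14D4E2F}: NameServer = 192.168.7.16,128.10.72.234
O17 - HKLM\System\CCS\Services\Tcpip\..\{C75051A9-54ED-4306-ABCF-2E3BBBE082C2}: NameServer = 207.83.200.200 4.2.2.2
O23 - Service: Smart Card Gina Helper (hpfdglc) - Unknown owner - C:\WINDOWS\System32\hpfdglc.exe (file missing)
O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files\freeSSHd\FreeSSHDService.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
O1 - Hosts: 128.10.84.195 dzeta
O1 - Hosts: 172.18.36.77 sigma
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted IP range: http://192.168.9.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{11A50EC5-A520-4AA7-B9DC-99D46FC58DEF}: NameServer = 10.255.236.6,10.255.236.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{131EA076-FB50-4198-BDE1-877CB14D4E2F}: NameServer = 10.255.236.6,10.255.236.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B88303C-E796-456C-B480-20125E43B4E8}: NameServer = 10.255.236.6,10.255.236.7
O23 - Service: Smart Card Gina Helper (hpfdglc) - Unknown owner - C:\WINDOWS\System32\hpfdglc.exe (file missing)
O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files\freeSSHd\FreeSSHDService.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

if __name__ == "__main__":
    for finding in triage(LOG_BEFORE):
        print(finding)
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed since first log:", *changes["removed"], sep="\n  ")
    print("added since first log:", *changes["added"], sep="\n  ")
```

Run against the full logs above, the diff is what a helper would compare between the two posts: the O6 Internet Explorer policy entry and the Yahoo! Pager run key are present only in the first log, and the DNS servers change from a mix of private and public addresses to a single pair of private ones. An "Unknown owner" service is only a prompt to check the file's signature and path by hand; HijackThis prints it whenever the binary carries no company name in its version information.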

Comments

  • edited January 2008
    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    I apologize for the delay in responding, but as you can probably see the forums are quite busy and sometimes a post manages to slip by us.
    Unfortunately there are far more people needing help than there are helpers.
    Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.



    Installed Programs
    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    You will see a list of the programs installed on your computer.
    Click on the Save list button and specify where you would like to save this file.
    When you press the Save button, a Notepad window will open with the contents of that file.
    Simply copy and paste the contents of that Notepad window into your next post.

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • edited January 2008
    Katana, thanks for your help; here is the info that you requested.

    Marco

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:33:34 PM, on 1/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ScreenThemes\scthemes.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\bin\mysqld-nt.exe
    C:\WINDOWS\system32\NPSService.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://scinsider/My+e-Workplace/default.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 128.10.84.195 dzeta
    O1 - Hosts: 128.10.84.195 dseta
    O1 - Hosts: 128.10.84.196 espsilon
    O1 - Hosts: 172.18.36.77 sigma
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu46\AOL_security_toolbar.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu46\AOL_security_toolbar.dll
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
    O4 - HKCU\..\Run: [ArGoSoftMailServer] C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe
    O4 - HKCU\..\Run: [Net Profile Switch] "C:\Program Files\JitBit\Net Profile Switch\NetProfileSwitch.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: ScreenThemes.lnk = C:\Program Files\ScreenThemes\scthemes.exe
    O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.adobe.com
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://dxop.dmbgroup.com
    O15 - Trusted Zone: http://*.spaces.live.com
    O15 - Trusted Zone: http://by110fd.bay110.hotmail.msn.com
    O15 - Trusted Zone: http://messenger.msn.com
    O15 - Trusted Zone: http://cp.sterlingcommerce.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - Trusted IP range: http://127.0.0.1
    O15 - Trusted IP range: http://192.168.9.229
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - https://update3.globalhauri.com/Custom/LiveSuite/BANAMEX/web/HLiveRobotWeb.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183390106258
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183390095933
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{11A50EC5-A520-4AA7-B9DC-99D46FC58DEF}: NameServer = 10.255.236.6,10.255.236.7
    O17 - HKLM\System\CCS\Services\Tcpip\..\{131EA076-FB50-4198-BDE1-877CB14D4E2F}: NameServer = 10.255.236.6,10.255.236.7
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B88303C-E796-456C-B480-20125E43B4E8}: NameServer = 10.255.236.6,10.255.236.7
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Connect Direct Browser 1.4.00 ($CDBrowser1400) - Zero G - C:\PROGRA~1\STERLI~1\CONNEC~2.00\bin\CDBROW~1.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: Connect Direct File Agent (cdfa$) - ZeroG Software - C:\PROGRA~1\STERLI~1\FILEAG~1\cdfa$.exe
    O23 - Service: Connect Direct FTP+ SD (CDFtpSD$) - ZeroG Software - C:\PROGRA~1\STERLI~1\CDFtp\CDFtpSD$.exe
    O23 - Service: Connect Direct Select (CDSelect$) - ZeroG Software - C:\PROGRA~1\STERLI~1\CDSelect\bin\CDSELE~1.EXE
    O23 - Service: Connect Direct v4.2.00 - MHERN1 (Connect Direct v4.2.00) - Sterling Commerce, Inc. - C:\Program Files\Sterling Commerce\Connect Direct v4.2.00\Server\CDNT.exe
    O23 - Service: Connect Direct v4.4.00 - MHERN1 (Connect Direct v4.4.00) - Sterling Commerce, Inc. - C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\Server\CDNT.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: FreeSSHDService - Unknown owner - C:\Program Files\freeSSHd\FreeSSHDService.exe
    O23 - Service: Gentran Integration Suite at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\si.exe
    O23 - Service: Gentran Integration Suite CmdLine2Adapter at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\cla2client.exe
    O23 - Service: Gentran Integration Suite EventListeners at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\vslisten.exe
    O23 - Service: Gentran Integration Suite Noapps at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\Noapp.exe
    O23 - Service: Gentran Integration Suite Opsserver at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\ops.exe
    O23 - Service: Gentran Integration Suite WebDav at port 10000 - Alexandria Software Consulting - C:\SterlingCommerce\SI\bin\webdav.exe
    O23 - Service: Gentran_Integration_Suite_MySql_at_port_10000 - Unknown owner - C:\SterlingCommerce\SI\mysql\bin\mysqld-nt.exe
    O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
    O23 - Service: Smart Card Gina Helper (hpfdglc) - Unknown owner - C:\WINDOWS\System32\hpfdglc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
    O23 - Service: MySQL - Connect Direct v4.4.00 - Unknown owner - C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\bin\mysqld-nt.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: NPSService - Jitbit Software - C:\WINDOWS\system32\NPSService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: TrapRcvr - Unknown owner - C:\Program Files\TrapReceiver\trthread.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

    --
    End of file - 16624 bytes

    Uninstall_list

    Active Virus Shield
    Ad-Aware SE Personal
    Adobe Acrobat 7.0.9 Professional - Español, Italiano, Português
    Adobe Flash Player Plugin
    Advanced Query Tool
    Agere Systems AC'97 Modem
    AOL Security Toolbar
    Apple Mobile Device Support
    Apple Software Update
    ArGoSoft Mail Server Freeware
    Aspell Spanish Dictionary-0.50-2
    ATI Display Driver
    AvantGo Client
    Azureus
    BitTorrent 4.4.1
    BitWise 1.7.2
    BlackBerry Desktop Software 4.2.2
    BlackBerry Desktop Software 4.2.2
    CCleaner (remove only)
    Certificate Wizard
    Codec Pack - All In 1 6.0.3.0
    Commendo Voyager
    Commendo Voyager Extensions
    Commendo Voyager Library
    Connect Direct for Windows
    Connect Direct FTP+
    Connect Direct Select
    Connect Direct Windows
    Connect Direct Windows SDK
    Connect:Enterprise Command Line Client (Production)
    Connect_Direct_Browser_v1.4.00
    Creative WebCam Center
    Creative WebCam Notebook Driver (1.04.01.0322)
    Cucusoft DVD to iPod + iPod Video Converter Suite 3.2.3.9
    Cucusoft DVD to iPod Converter 3.15
    Curitel PC Card Software
    DBArtisan 8.1.5
    Documents To Go
    Easy CD & DVD Creator 6
    Error Messages for Windows
    Ethereal 0.99.0
    FileAgent
    FileZilla Server (remove only)
    FLAC 1.1.4b (remove only)
    freeSSHd 1.1.0b
    FriendFinder Messenger v4.0
    GNU Aspell 0.50-3
    GnuPG For Windows
    Google Earth
    GTK+ Runtime 2.10.11 rev b (remove only)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB915800)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hummingbird Exceed V7.0
    IBM DB2
    iConcertCal
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet for Wireless
    InterVideo DVD Check
    InterVideo WinDVD
    iPig Client V1.02
    Ipswitch WS_FTP Pro
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment Standard Edition v1.3.1_01
    Java 2 Runtime Environment Standard Edition v1.3.1_09
    Java 2 Runtime Environment, SE v1.4.2_06
    Java 2 Runtime Environment, SE v1.4.2_12
    Java 2 SDK Standard Edition v1.3.1_09
    Java 2 SDK, SE v1.4.2_06
    Java 2 SDK, SE v1.4.2_12
    Java Web Start
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Joost (tm) 0.10.3
    KEA! X Version 3.0
    LiveCall Suite
    Lucent Win Modem
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Map Editor
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Groove MUI (Spanish) 2007
    Microsoft Office InfoPath MUI (Spanish) 2007
    Microsoft Office Live Meeting 2005
    Microsoft Office OneNote MUI (Spanish) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft SQL Server 2000 Driver for JDBC Service Pack 3
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Management Studio Express CTP
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mobipocket Reader 6.0
    Mozilla Firefox (2.0.0.11)
    Mp3tag v2.38
    MSXML 6.0 Parser (KB933579)
    Net Profiles
    Odyssey Client
    Palm Desktop and Synchronization Software
    Pidgin
    powerOne Personal v2.1.1 for Handhelds
    PrimoPDF
    PSPad editor
    PuTTY version 0.60
    QuickLink Mobile
    QuickTime
    Roxio Media Manager
    Rush Screensaver
    Secure Client
    Security Task Manager 1.7
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Skype 3.0
    Skype Plugin Manager
    Star Wars ScreenThemes 3.0
    Synaptics Pointing Device Driver
    Trap Receiver
    Trillian
    TrueCrypt
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VMware Workstation
    Volo View Express
    VPN Client
    WebEx
    Winamp
    Windows Communication Foundation
    Windows Defender Signatures
    Windows Desktop Search 3.01
    Windows Desktop Search 3.01
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Live installer
    Windows Live Mail
    Windows Media Connect
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinPcap 3.1
    WinRAR archiver
    WinZip
    Wireless-G Notebook Adapter
    Yahoo! Anti-Spy
    Yahoo! Browser Services
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    YouTube Catcher 1.0b

    ComboFix log

    ComboFix 08-01-30.1 - mhernandez 2008-01-29 16:16:31.1 - NTFSx86
    Running from: C:\temp\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\Cache

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
    .

    2008-01-29 16:09 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
    2008-01-29 16:09 . 2005-10-23 10:57 321 --a------ C:\Boot.bak
    2008-01-29 16:02 . 2008-01-29 16:04 4,608,744 --a------ C:\temp\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    2008-01-29 15:59 . 2008-01-29 16:00 1,590,379 --a------ C:\temp\ComboFix.exe
    2008-01-23 21:14 . 2008-01-23 21:14 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-23 21:11 . 2008-01-23 21:13 812,344 --a------ C:\temp\HJTInstall.exe
    2008-01-23 20:28 . 2008-01-23 20:28 2,400,784 --a------ C:\temp\WLinstaller.exe
    2008-01-23 16:34 . 2008-01-23 16:34 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-18 15:27 . 2008-01-18 15:27 <DIR> d-------- C:\Program Files\iPod
    2008-01-17 12:48 . 2008-01-17 12:51 <DIR> d-------- C:\temp\CDWin4400
    2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-01-04 00:47 . 2008-01-04 00:47 268 --ah----- C:\sqmdata00.sqm
    2008-01-04 00:47 . 2008-01-04 00:47 244 --ah----- C:\sqmnoopt00.sqm
    2007-12-16 08:11 . 2008-01-29 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-16 08:11 . 2007-12-16 08:11 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-08 14:01 . 2007-12-08 14:01 256 --a------ C:\Documents and Settings\mhernandez.MHERN1\pool.bin
    2007-12-08 13:40 . 2007-12-08 13:40 <DIR> d-------- C:\Program Files\Infotriever
    2007-12-03 23:50 . 2007-12-03 23:50 <DIR> d--hs---- C:\found.000

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 22:25 --------- d-----w C:\Documents and Settings\mhernandez.MHERN1\Application Data\.purple
    2008-01-30 22:24 1,406,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-30 22:23 --------- d-----w C:\Documents and Settings\mhernandez.MHERN1\Application Data\Skype
    2008-01-29 17:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
    2008-01-29 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
    2008-01-29 09:10 421,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-29 09:10 31,471,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-29 09:10 133,280 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-29 07:45 --------- d-----w C:\Documents and Settings\mhernandez.MHERN1\Application Data\gtk-2.0
    2008-01-25 06:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-24 02:21 --------- d-----w C:\Program Files\Pidgin
    2008-01-18 21:28 --------- d-----w C:\Program Files\iTunes
    2008-01-18 21:23 --------- d-----w C:\Program Files\QuickTime
    2008-01-17 19:02 --------- d-----w C:\Program Files\Sterling Commerce
    2008-01-05 06:29 --------- d-----w C:\Documents and Settings\mhernandez.MHERN1\Application Data\Azureus
    2007-12-28 21:15 --------- d-----w C:\Program Files\Azureus
    2007-12-17 15:13 --------- d-----w C:\Documents and Settings\mhernandez.MHERN1\Application Data\VMware
    2007-10-20 23:32 90,112 ----a-w C:\WINDOWS\DUMPb637.tmp
    2007-10-20 17:20 90,112 ----a-w C:\WINDOWS\DUMP8f22.tmp
    2007-10-20 17:18 90,112 ----a-w C:\WINDOWS\DUMP9103.tmp
    2007-10-20 17:13 90,112 ----a-w C:\WINDOWS\DUMP9442.tmp
    2007-10-20 17:12 90,112 ----a-w C:\WINDOWS\DUMP4d7e.tmp
    2007-10-20 17:10 90,112 ----a-w C:\WINDOWS\DUMP5551.tmp
    2007-10-20 17:09 90,112 ----a-w C:\WINDOWS\DUMP3c20.tmp
    2007-10-20 17:08 90,112 ----a-w C:\WINDOWS\DUMP9514.tmp
    2007-10-20 17:07 90,112 ----a-w C:\WINDOWS\DUMP8f90.tmp
    2007-10-20 17:05 90,112 ----a-w C:\WINDOWS\DUMPa030.tmp
    2007-09-25 17:50 99,640 ----a-w C:\Documents and Settings\mhernandez.MHERN1\metadata.dat
    2005-11-01 19:31 0 ----a-w C:\Documents and Settings\mhernandez.MHERN1\lock.dat
    1999-12-02 20:53 27,648 ----a-w C:\Documents and Settings\mhernandez.MHERN1\Application Data\diruse.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [ ]
    "ArGoSoftMailServer"="C:\Program Files\ArGo Software Design\Mail Server\mailserver.exe" [2004-10-28 10:54 1299456]
    "Net Profile Switch"="C:\Program Files\JitBit\Net Profile Switch\NetProfileSwitch.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32 25365032]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 17:44 65536]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-06-24 01:36 868352]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-03-19 13:40 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 17:40 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 17:38 688218]
    "PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 01:36 86016]
    "LTWinModem1"="ltmsg.exe" [2003-12-12 01:00 40960 C:\WINDOWS\system32\ltmsg.exe]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52 483328]
    "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "aol"="C:\Program Files\AOL\Active Virus Shield\avp.exe" [2006-05-30 10:13 139367]
    "FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-02-27 08:55 937984]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 06:07 228088]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

    C:\Documents and Settings\mhernandez.MHERN1\Start Menu\Programs\Startup\
    ScreenThemes.lnk - C:\Program Files\ScreenThemes\scthemes.exe [2007-02-02 12:48:46 135168]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Inicio rápido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2006-08-02 11:53:18 25214]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINDOWS\system32\LgNotify.dll 2003-12-16 15:49 110592 C:\WINDOWS\system32\LgNotify.dll

    R1 tcpredir;tcpredir;C:\Program Files\iPig\Client\tcpredir.sys [2005-11-02 21:06]
    R2 MySQL - Connect Direct v4.4.00;MySQL - Connect Direct v4.4.00;"C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\bin\mysqld-nt.exe" --defaults-file="C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\MySQL\my.ini" "MySQL []
    R2 NPSService;NPSService;C:\WINDOWS\system32\NPSService.exe [2007-04-05 11:51]
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-03 23:56]
    R3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-11-29 14:11]
    R3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-11-29 14:11]
    R3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-11-29 14:11]
    R3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-11-29 14:11]
    R3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-11-29 14:11]
    S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []
    S2 Connect Direct v4.4.00;Connect Direct v4.4.00 - MHERN1;"C:\Program Files\Sterling Commerce\Connect Direct v4.4.00\Server\CDNT.exe" [2007-07-11 12:17]
    S2 hpfdglc;Smart Card Gina Helper;C:\WINDOWS\System32\hpfdglc.exe []
    S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
    S3 $CDBrowser1400;Connect Direct Browser 1.4.00;C:\PROGRA~1\STERLI~1\CONNEC~2.00\bin\CDBROW~1.EXE [2005-10-23 13:50]
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
    S3 cdfa$;Connect Direct File Agent;C:\PROGRA~1\STERLI~1\FILEAG~1\cdfa$.exe [2005-10-23 13:53]
    S3 CDFtpSD$;Connect Direct FTP+ SD;C:\PROGRA~1\STERLI~1\CDFtp\CDFtpSD$.exe [2007-04-20 10:11]
    S3 CDSelect$;Connect Direct Select;C:\PROGRA~1\STERLI~1\CDSelect\bin\CDSELE~1.EXE [2005-10-23 13:38]
    S3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 23:49]
    S3 Connect Direct v4.2.00;Connect Direct v4.2.00 - MHERN1;"C:\Program Files\Sterling Commerce\Connect Direct v4.2.00\Server\CDNT.exe" [2005-01-11 11:10]
    S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\csco21.sys [2005-05-11 19:49]
    S3 DB2ControlCenterServer;DB2 JDBC Applet Server - Control Center;"C:\Program Files\SQLLIB\bin\db2ccs.exe" [2001-04-16 17:27]
    S3 Gentran Integration Suite at port 10000;Gentran Integration Suite at port 10000;C:\SterlingCommerce\SI\bin\si.exe [2006-12-15 13:12]
    S3 Gentran Integration Suite CmdLine2Adapter at port 10000;Gentran Integration Suite CmdLine2Adapter at port 10000;C:\SterlingCommerce\SI\bin\cla2client.exe [2006-12-15 13:12]
    S3 Gentran Integration Suite EventListeners at port 10000;Gentran Integration Suite EventListeners at port 10000;C:\SterlingCommerce\SI\bin\vslisten.exe [2006-12-15 13:12]
    S3 Gentran Integration Suite Noapps at port 10000;Gentran Integration Suite Noapps at port 10000;C:\SterlingCommerce\SI\bin\Noapp.exe [2006-12-15 13:12]
    S3 Gentran Integration Suite Opsserver at port 10000;Gentran Integration Suite Opsserver at port 10000;C:\SterlingCommerce\SI\bin\ops.exe [2006-12-15 13:12]
    S3 Gentran Integration Suite WebDav at port 10000;Gentran Integration Suite WebDav at port 10000;C:\SterlingCommerce\SI\bin\webdav.exe [2006-12-15 13:12]
    S3 Gentran_Integration_Suite_MySql_at_port_10000;Gentran_Integration_Suite_MySql_at_port_10000;C:\SterlingCommerce\SI\mysql\bin\mysqld-nt []
    S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 12:05]
    S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 10:58]
    S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 13:50]
    S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 12:53]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 15:10]
    S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [2004-03-19 01:00]
    S3 RapFile;RapFile;C:\WINDOWS\System32\drivers\RapFile.sys [2003-06-19 12:40]
    S3 RapNet;RapNet;C:\WINDOWS\System32\drivers\RapNet.sys [2003-06-19 12:40]
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-12 09:37]
    S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
    S3 vrskbdft;vrskbdft;C:\WINDOWS\system32\drivers\vrskbdft.sys [2004-06-08 14:30]
    S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4b22c0-c753-11db-98df-005056c00008}]
    \Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{822f28a3-9ed5-11db-98bf-005056c00008}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(&0)\command - Recycled\ctfmon.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-22 22:55:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 16:25:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-30 17:24:31
  • edited January 2008
    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Azureus
    BitTorrent 4.4.1
    BitWise 1.7.2


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
    Please note: you must NOT use this whilst we are cleaning your machine.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    Updating Java:
    Download the latest version of Java Runtime Environment (JRE) 6u4
    http://java.sun.com/javase/downloads/index.jsp
    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    Click the "Download" button to the right.
    Check the box that says: "Accept License Agreement".
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment Standard Edition v1.3.1_01
    Java 2 Runtime Environment Standard Edition v1.3.1_09
    Java 2 Runtime Environment, SE v1.4.2_06
    Java 2 Runtime Environment, SE v1.4.2_12
    Java 2 SDK Standard Edition v1.3.1_09
    Java 2 SDK, SE v1.4.2_06
    Java 2 SDK, SE v1.4.2_12
    Java(TM) 6 Update 3
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.

    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on the download to install the newest version.
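    The same inventory the steps above ask you to make by hand in Add/Remove Programs can be pulled from the registry, which avoids missing one of the ten Java entries. The script below is an added example and is not part of the thread or of any tool it mentions; it assumes Windows PowerShell 2.0 or later and reads the Uninstall keys that Add/Remove Programs itself is built on (the Wow6432Node key only exists on 64-bit Windows).

```powershell
# Added example, not from the thread: list every Java runtime/SDK registered in
# Add/Remove Programs so the older copies can be removed before installing the
# current JRE. Reads the Uninstall registry keys Add/Remove Programs itself uses.
# Assumes Windows PowerShell 2.0 or later; the Wow6432Node key only exists on 64-bit Windows.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root)) {
            $props = Get-ItemProperty $key.PSPath
            # Match the entry names seen in the uninstall list above:
            # "J2SE Runtime Environment ...", "Java 2 SDK ...", "Java(TM) 6 Update 3", "Java Web Start"
            if ($props.DisplayName -match '^(J2SE|Java)') {
                New-Object PSObject -Property @{
                    Name            = $props.DisplayName
                    Version         = $props.DisplayVersion
                    UninstallString = $props.UninstallString
                    RegistryKey     = $key.PSChildName
                }
            }
        }
    }
}

$java = @(Get-InstalledJava | Sort-Object Name)
'{0} Java entries registered in Add/Remove Programs:' -f $java.Count
$java | Format-Table Name, Version, UninstallString -AutoSize

# Every entry except the newest JRE is a candidate for removal; uninstall them
# through Add/Remove Programs (or their UninstallString) before installing the
# new JRE, as the steps above describe.
```

    Run it before and after the uninstall pass: the second run should list only the JRE you just installed. Entries whose UninstallString points at a file that no longer exists are leftovers of a broken uninstall and are the cases where the Windows Installer Clean Up tool already on this machine is useful.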


    Fix With HJT
    Close all other windows and then start HiJack This
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    I would not recommend having anything in the "trusted zone". If you did not deliberately add these then fix them
    O15 - Trusted Zone: http://www.adobe.com
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://dxop.dmbgroup.com
    O15 - Trusted Zone: http://*.spaces.live.com
    O15 - Trusted Zone: http://by110fd.bay110.hotmail.msn.com
    O15 - Trusted Zone: http://messenger.msn.com
    O15 - Trusted Zone: http://cp.sterlingcommerce.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - Trusted IP range: http://127.0.0.1
    O15 - Trusted IP range: http://192.168.9.229


    These should be fixed in any event:
    O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
    Close ALL open windows (especially Internet Explorer!)
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis




    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    Please post the Kaspersky log in your reply
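As an added triage helper (example code, not part of the thread and not a HijackThis feature), the Python below reads O15 and O16 lines like the ones quoted above, flags every Trusted Zone and Trusted IP range entry, and decodes the Java version from the plug-in CLSID using the pattern the three O16 lines show (CAFEEFAC-0013-0001-0001-... is Java Plug-in 1.3.1_01). The sample log is constructed; the default "current" version is JRE 6 Update 4, the release the post tells the user to install.

```python
import re

# Constructed sample modelled on the O15/O16 lines quoted in the thread; the
# O4 line is there to show that unrelated HijackThis entries are ignored.
SAMPLE_LOG = """\
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://*.spaces.live.com
O15 - Trusted IP range: http://192.168.9.229
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

O15_RE = re.compile(r"^O15 - Trusted (Zone|IP range): (\S+)")
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]{36})\} \(([^)]*)\)")
# Sun's Java plug-in CLSIDs encode the version: CAFEEFAC-00MN-00mm-00uu-ABCDEFFEDCBA
# is Java M.N.mm_uu, so 0015-0000-0010 decodes to 1.5.0_10.
JAVA_CLSID_RE = re.compile(r"^CAFEEFAC-00(\d)(\d)-(\d{4})-(\d{4})-ABCDEFFEDCBA$", re.I)


def java_version_from_clsid(clsid):
    """Return (major, minor, micro, update) for a Java plug-in CLSID, else None."""
    m = JAVA_CLSID_RE.match(clsid)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(log, current_java=(1, 6, 0, 4)):
    """Return (line, reason) pairs for Trusted Zone entries and Java plug-ins older than current_java."""
    findings = []
    for line in log.splitlines():
        m = O15_RE.match(line)
        if m:
            kind, target = m.groups()
            if kind == "IP range":
                reason = "IP range in Trusted Zone"
            elif "*" in target:
                reason = "wildcard domain in Trusted Zone"
            else:
                reason = "site in Trusted Zone; remove unless deliberately added"
            findings.append((line, reason))
            continue
        m = O16_RE.match(line)
        if m:
            ver = java_version_from_clsid(m.group(1))
            if ver is not None and ver < current_java:
                findings.append((line, "outdated Java plug-in %d.%d.%d_%02d" % ver))
    return findings
```

Run `triage(open("hijackthis.log").read())` on a saved HijackThis log to get the list of lines worth checking before you tick them in the Fix checked step.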
  • Trogan, London, UK
    edited February 2008
    This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

    If you are not the user who started this thread, you must start your own Thread instead (grin)